Redirection using headers

JustJay

This is at the top...

	$referer = getenv("HTTP_REFERER");

Further down the page when login info has been verified I had this...

header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/home.php");

But I would like to be able to send a URL and if the person is not already logged in they would be directed to the LOGIN page and then back to the page they originally hit instead of going to the HOME PAGE....

So I tried this...

				if (empty($referer)) {
					header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/home.php");
				} else {
						header ("Location: $referer");
						}
				exit();

Not working always goes to the home.php page...(home page)

IDEAS?

dalecosp

Idea would be

if (!$referer) {

instead of using empty. But I didn't take time to actually check....

JustJay

Didnt work... :-(

dalecosp

Tried $_SERVER['HTTP_REFERER'] ?

Also:

a. according to the manual you can't trust this variable to exist ....

b. In my testing, the variable doesn't exist unless you were sent there by a link (ie, a direct call from the browser address bar will not set the variable.....)

JustJay

Will try $_SERVER.....

However yes the URL will be there....cause if you type in http://www.thesite.com/protectedpage.php and you are not logged in - then you get bumped to http://www.thesite.com/login.php and currently if you pass the login test you get sent to http://www.thesite.com/home.php but i want to get back to http://www.thesite.com/protectedpage.php....

Clear as mud? 😕

dalecosp

What I was saying is this:

If you go to any page, and then type a URL in the browser address bar, the page that you typed in will not have a "REFERER" value sent to it, at least in some user agents (my test of this was via Mozilla 1.4).
The same is true with header("Location") AFAICT. You may wish to instantiate a session and set the URL of the referring page as a session variable instead.

Consider:

//ref1.php
<?php
header("Location: ref2.php");
?>

//ref2.php
<?php
echo $_SERVER['HTTP_REFERER'];
?>

//ref.html
<html>
Click <a href="ref2.php">here!</a>
</html>

Test and see if your results differ from mine....??

marcellusmar

This is the idea that I use and it seems to work very well:

After the user hits "Login" a processor.php is executed. If the user is validated then some attributes of the user are registered in the Session object, and the browser is redirected using header() to the next workflow step.

A verifyLoggeduser.php script was implemented to assert that the user is indeed logged for the session. This is a very simple script that checks for the same registered variables that "procesor.php" registered. If these var(s) is (are) not present then the "verifyLoggeduser.php" script redirects the user to the login page and exits. If the variable are there then the calling script carries on.

In every workflow step script, the first thing that happens is that the above "verifyLoggeduser.php" is require_once(). If the registered vars are not there then the browser is redirected to the login page.

Afte the user logs out, the registered session vars are unset and the session terminated.

Hope this helps. However, if you see a problem in my logic, please let me know.

Chers!

Mar

This is probably laborious but it works fine.

dalecosp

Originally posted by marcellusmar
In every workflow step script, the first thing that happens is that the above "verifyLoggeduser.php" is require_once(). If the registered vars are not there then the browser is redirected to the login page.

And of course, your whole post is fine, but are you really addressing the issue the OP has, which is something like, "If someone accesses a page and is redirected to the login script, how do I redirect them back to the page that redirected them in the first place after they've logged in?"

Giving a little further thought: I'd guess you'll have to start a session on every page. Prior to checking your access variables, set a session variable (say, $_SESSION['backtothispage'] for serious lack of better terminology 😃 ) and if the user is not verified, carry this variable thoughout the login process and then use [man]header/man to throw 'em back where they came from.

Hmm, now to implement that on that pesky "members only" community I've not worked on in months... 😉